1 /*
2  * magic.c - PPP Magic Number routines.
3  *
4  * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in
15  *    the documentation and/or other materials provided with the
16  *    distribution.
17  *
18  * 3. The name "Carnegie Mellon University" must not be used to
19  *    endorse or promote products derived from this software without
20  *    prior written permission. For permission or any legal
21  *    details, please contact
22  *      Office of Technology Transfer
23  *      Carnegie Mellon University
24  *      5000 Forbes Avenue
25  *      Pittsburgh, PA  15213-3890
26  *      (412) 268-4387, fax: (412) 268-7395
27  *      tech-transfer@andrew.cmu.edu
28  *
29  * 4. Redistributions of any form whatsoever must retain the following
30  *    acknowledgment:
31  *    "This product includes software developed by Computing Services
32  *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
33  *
34  * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
35  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
36  * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
37  * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
38  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
39  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
40  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
41  */
42 /*****************************************************************************
43 * randm.c - Random number generator program file.
44 *
45 * Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
46 * Copyright (c) 1998 by Global Election Systems Inc.
47 *
48 * The authors hereby grant permission to use, copy, modify, distribute,
49 * and license this software and its documentation for any purpose, provided
50 * that existing copyright notices are retained in all copies and that this
51 * notice and the following disclaimer are included verbatim in any
52 * distributions. No written agreement, license, or royalty fee is required
53 * for any of the authorized uses.
54 *
55 * THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
56 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
57 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
58 * IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
59 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
60 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
61 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
62 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
63 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
64 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
65 *
66 ******************************************************************************
67 * REVISION HISTORY
68 *
69 * 03-01-01 Marc Boucher <marc@mbsi.ca>
70 *   Ported to lwIP.
71 * 98-06-03 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
72 *   Extracted from avos.
73 *****************************************************************************/
74 
75 #include "netif/ppp/ppp_opts.h"
76 #if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
77 
78 #include "netif/ppp/ppp_impl.h"
79 #include "netif/ppp/magic.h"
80 
81 #if PPP_MD5_RANDM /* Using MD5 for better randomness if enabled */
82 
83 #include "netif/ppp/pppcrypt.h"
84 
85 #define MD5_HASH_SIZE 16
86 static char magic_randpool[MD5_HASH_SIZE];   /* Pool of randomness. */
87 static long magic_randcount;      /* Pseudo-random incrementer */
88 static u32_t magic_randomseed;    /* Seed used for random number generation. */
89 
90 /*
91  * Churn the randomness pool on a random event.  Call this early and often
92  *  on random and semi-random system events to build randomness in time for
93  *  usage.  For randomly timed events, pass a null pointer and a zero length
94  *  and this will use the system timer and other sources to add randomness.
95  *  If new random data is available, pass a pointer to that and it will be
96  *  included.
97  *
98  * Ref: Applied Cryptography 2nd Ed. by Bruce Schneier p. 427
99  */
magic_churnrand(char * rand_data,u32_t rand_len)100 static void magic_churnrand(char *rand_data, u32_t rand_len) {
101   lwip_md5_context md5_ctx;
102 
103   /* LWIP_DEBUGF(LOG_INFO, ("magic_churnrand: %u@%P\n", rand_len, rand_data)); */
104   lwip_md5_init(&md5_ctx);
105   lwip_md5_starts(&md5_ctx);
106   lwip_md5_update(&md5_ctx, (u_char *)magic_randpool, sizeof(magic_randpool));
107   if (rand_data) {
108     lwip_md5_update(&md5_ctx, (u_char *)rand_data, rand_len);
109   } else {
110     struct {
111       /* INCLUDE fields for any system sources of randomness */
112       u32_t jiffies;
113 #ifdef LWIP_RAND
114       u32_t rand;
115 #endif /* LWIP_RAND */
116     } sys_data;
117     magic_randomseed += sys_jiffies();
118     sys_data.jiffies = magic_randomseed;
119 #ifdef LWIP_RAND
120     sys_data.rand = LWIP_RAND();
121 #endif /* LWIP_RAND */
122     /* Load sys_data fields here. */
123     lwip_md5_update(&md5_ctx, (u_char *)&sys_data, sizeof(sys_data));
124   }
125   lwip_md5_finish(&md5_ctx, (u_char *)magic_randpool);
126   lwip_md5_free(&md5_ctx);
127 /*  LWIP_DEBUGF(LOG_INFO, ("magic_churnrand: -> 0\n")); */
128 }
129 
130 /*
131  * Initialize the random number generator.
132  */
magic_init(void)133 void magic_init(void) {
134   magic_churnrand(NULL, 0);
135 }
136 
137 /*
138  * Randomize our random seed value.
139  */
magic_randomize(void)140 void magic_randomize(void) {
141   magic_churnrand(NULL, 0);
142 }
143 
144 /*
145  * magic_random_bytes - Fill a buffer with random bytes.
146  *
147  * Use the random pool to generate random data.  This degrades to pseudo
148  *  random when used faster than randomness is supplied using magic_churnrand().
149  * Note: It's important that there be sufficient randomness in magic_randpool
150  *  before this is called for otherwise the range of the result may be
151  *  narrow enough to make a search feasible.
152  *
153  * Ref: Applied Cryptography 2nd Ed. by Bruce Schneier p. 427
154  *
155  * XXX Why does he not just call magic_churnrand() for each block?  Probably
156  *  so that you don't ever publish the seed which could possibly help
157  *  predict future values.
158  * XXX Why don't we preserve md5 between blocks and just update it with
159  *  magic_randcount each time?  Probably there is a weakness but I wish that
160  *  it was documented.
161  */
magic_random_bytes(unsigned char * buf,u32_t buf_len)162 void magic_random_bytes(unsigned char *buf, u32_t buf_len) {
163   lwip_md5_context md5_ctx;
164   u_char tmp[MD5_HASH_SIZE];
165   u32_t n;
166 
167   while (buf_len > 0) {
168     lwip_md5_init(&md5_ctx);
169     lwip_md5_starts(&md5_ctx);
170     lwip_md5_update(&md5_ctx, (u_char *)magic_randpool, sizeof(magic_randpool));
171     lwip_md5_update(&md5_ctx, (u_char *)&magic_randcount, sizeof(magic_randcount));
172     lwip_md5_finish(&md5_ctx, tmp);
173     lwip_md5_free(&md5_ctx);
174     magic_randcount++;
175     n = LWIP_MIN(buf_len, MD5_HASH_SIZE);
176     MEMCPY(buf, tmp, n);
177     buf += n;
178     buf_len -= n;
179   }
180 }
181 
182 /*
183  * Return a new random number.
184  */
magic(void)185 u32_t magic(void) {
186   u32_t new_rand;
187 
188   magic_random_bytes((unsigned char *)&new_rand, sizeof(new_rand));
189 
190   return new_rand;
191 }
192 
193 #else /* PPP_MD5_RANDM */
194 
195 /*****************************/
196 /*** LOCAL DATA STRUCTURES ***/
197 /*****************************/
198 #ifndef LWIP_RAND
199 static int  magic_randomized;       /* Set when truely randomized. */
200 #endif /* LWIP_RAND */
201 static u32_t magic_randomseed;      /* Seed used for random number generation. */
202 
203 
204 /***********************************/
205 /*** PUBLIC FUNCTION DEFINITIONS ***/
206 /***********************************/
207 
208 /*
209  * Initialize the random number generator.
210  *
211  * Here we attempt to compute a random number seed but even if
212  * it isn't random, we'll randomize it later.
213  *
214  * The current method uses the fields from the real time clock,
215  * the idle process counter, the millisecond counter, and the
216  * hardware timer tick counter.  When this is invoked
217  * in startup(), then the idle counter and timer values may
218  * repeat after each boot and the real time clock may not be
219  * operational.  Thus we call it again on the first random
220  * event.
221  */
magic_init(void)222 void magic_init(void) {
223   magic_randomseed += sys_jiffies();
224 #ifndef LWIP_RAND
225   /* Initialize the Borland random number generator. */
226   srand((unsigned)magic_randomseed);
227 #endif /* LWIP_RAND */
228 }
229 
230 /*
231  * magic_init - Initialize the magic number generator.
232  *
233  * Randomize our random seed value.  Here we use the fact that
234  * this function is called at *truely random* times by the polling
235  * and network functions.  Here we only get 16 bits of new random
236  * value but we use the previous value to randomize the other 16
237  * bits.
238  */
magic_randomize(void)239 void magic_randomize(void) {
240 #ifndef LWIP_RAND
241   if (!magic_randomized) {
242     magic_randomized = !0;
243     magic_init();
244     /* The initialization function also updates the seed. */
245   } else {
246 #endif /* LWIP_RAND */
247     magic_randomseed += sys_jiffies();
248 #ifndef LWIP_RAND
249   }
250 #endif /* LWIP_RAND */
251 }
252 
253 /*
254  * Return a new random number.
255  *
256  * Here we use the Borland rand() function to supply a pseudo random
257  * number which we make truely random by combining it with our own
258  * seed which is randomized by truely random events.
259  * Thus the numbers will be truely random unless there have been no
260  * operator or network events in which case it will be pseudo random
261  * seeded by the real time clock.
262  */
magic(void)263 u32_t magic(void) {
264 #ifdef LWIP_RAND
265   return LWIP_RAND() + magic_randomseed;
266 #else /* LWIP_RAND */
267   return ((u32_t)rand() << 16) + (u32_t)rand() + magic_randomseed;
268 #endif /* LWIP_RAND */
269 }
270 
271 /*
272  * magic_random_bytes - Fill a buffer with random bytes.
273  */
magic_random_bytes(unsigned char * buf,u32_t buf_len)274 void magic_random_bytes(unsigned char *buf, u32_t buf_len) {
275   u32_t new_rand, n;
276 
277   while (buf_len > 0) {
278     new_rand = magic();
279     n = LWIP_MIN(buf_len, sizeof(new_rand));
280     MEMCPY(buf, &new_rand, n);
281     buf += n;
282     buf_len -= n;
283   }
284 }
285 #endif /* PPP_MD5_RANDM */
286 
287 /*
288  * Return a new random number between 0 and (2^pow)-1 included.
289  */
magic_pow(u8_t pow)290 u32_t magic_pow(u8_t pow) {
291   return magic() & ~(~0UL<<pow);
292 }
293 
294 #endif /* PPP_SUPPORT */
295